Akamai, coined as the world’s largest and most trusted cloud delivery platform, is the leading content delivery network (CDN) services provider for media and software delivery. Every quarter, Akamai publishes a report on the State of the Internet. This summer, their web attacks report looks into various areas such as the number and type of DDoS (Distributed Denial of Service) attacks through recent months and credential abuse attackers.
The full report can be found on Akamai’s website.
activereach solutions integrate a range of cybersecurity approaches to solve issues similar to those discussed in Akamai’s summer report. For example, within recent months we have helped a global recruitment giant and a large European bank to protect hundreds of thousands of customers’ credentials. This was overcome by implementing a next-generation WAF (web application firewall) solution, and by DDoS testing to expose security vulnerabilities.
If you would like to find out more about these case studies, please view them here.
Trends from November 2017 – April 2018
This period of time has seen a significant increase in many types of attacks. For example, percentage increases are shown as follows;
– 16% in total DDoS
– 16% in the infrastructure layer
– 38% in the application layer
– 4% for reflection
There was a total of 400 million web application attacks found in just these 6 months globally. With regards to the type of web application attacks that were conducted, the most common kind was SQL injections, at 51% of all attacks. This was followed by Local File Inclusion (LFI) at 34%, and Cross-site Scripting (XSS) at 8%.
As the techniques that the hackers are employing are constantly changing, there is an ever-increasing need for better security techniques. An example of this is that DDoS-for-hire sites are continually being shut down following Operation Power Off in April 2018. These sites sell DDoS, or ‘stressor’, software for no more than 50 USD, which easily enables hackers to use them against vulnerable sites. The popular site Webstresser.org closed down in the operation; it was allegedly responsible for approximately 4-6 million attacks.
Akamai’s Spotlight DDoS Attack
The report’s spotlight attack in February 2018 was the biggest breach of security to date, with a massive 1.3 Tbps of traffic generated. This was achieved by using a Memcached reflection attack – a well-known vector that had never previously been used in attacks. It creates a potential amplification factor of over 50,000 times the traffic sent, compared to the usual 500 times for a DNS reflection attack. This is a new record for the largest attack Akamai has seen with more than twice the traffic generated than the last record-breaking attack in September 2017.
This particular Memcached reflection attack was not the first of it’s kind. A few days prior, attacks using the same technique were found and mitigated by Akamai, before reaching the full potential of the spotlight attack. There is evidence to suggest that this type of attack is ongoing in Asia and this particular event is part of a more widespread onslaught. Although these attacks pose a serious threat to the security community, on a more positive note, they do encourage companies to review their security infrastructure and spur on developers to come up with new ways to beat the hackers.
Recent trends show that mitigation attempts have been largely successful, with no attacks of this kind prevailing after the February attack. The majority of companies would be unable to cope with an attack of this scale, as it would exhaust bandwidth and severely affect network performance. This highlights the importance of being fully protected against all types of DDoS attacks.
Credential Abuse Attackers
Bot-based credential abuse attacks have risen significantly over the period of this report, with the hospitality industry being the worst hit. Of the near 112 billion bot requests seen by Akamai, almost 40% of the traffic seen was attributed to the known vector ‘impersonators of known browsers’. This is a major risk for businesses storing data on the Internet, especially in the travel and tourism industry where important credentials such as a customer’s identities and credit card information are captured online.
Geographically, the US remains the largest source of web application traffic. However, looking solely at credential abuse attacks in the hospitality and travel industry, Russia, China and Indonesia were found to be major sources of the abuse. Nearly half of all credential abuse attacks from these countries targeted this industry – with 50 billion attacks targeting cruise line companies alone.
Martin McKeay, Senior Security Advocate at Akamai and Senior Editor of the security report stated,
“These countries have historically been large centres for cyber attacks, but the attractiveness of the hospitality industry appears to have made it a significant target for hackers to carry out bot-driven fraud.”
From all the evidence analysed in Akamai’s report on DDoS and Web Application attacks in the past few months, it is clear that the type and scale of attacks are constantly evolving. In order to keep the risks down, new approaches to providing and designing security are necessary. Furthermore, closer partnerships between security vendors and businesses could help minimise room for a breach in security.
Mike Revell, Managing Director at activereach, warns,
“Looking at the events reported so far this year, I believe that attacks are becoming far more vicious – posing a serious threat to any online business. To keep up with changing attack types, it is crucial for any companies storing customer information to review their security measures and plan for the next unseen threat. Businesses can be particularly vulnerable during the summer period. With staff away on vacation, a security breach could easily go undetected.”
According to Josh Shaul, VP, Web Security Products at Akamai, the type of cyber-criminal we are now seeing is changing. Everyday users can use readily available DDoS-for-hire sites and take advantage of sophisticated toolsets all accessible online, for a fraction of the cost and effort compared with traditional techniques.
He goes on to state that not only are they easier to execute but are far more dangerous. Malware is capable of stealing files and holding for a ransom and capturing credit card information in microseconds of vulnerability. The traditional security defences in use today are not able to withstand these high-level attacks. Josh Shaul’s full account on securing your digital business can be found here.
To understand how your business could be protected against a DDoS attack, please see our pages on DDoS testing and mitigation. Or call activereach on 0845 625 9025 and ask to speak to a Security Consultant.